Dabber Worm Exploits Sasser Flaw

Print Thread

Rate Thread

Dabber Worm Exploits Sasser Flaw #39972 05/17/04 05:07 PM
Joined: Apr 2004 Posts: 298 Houston, TX Phatal OP UGN News Staff
OP Phatal UGN News Staff Joined: Apr 2004 Posts: 298 Houston, TX	A new worm that takes advantage of a vulnerability in the Sasser worm has been detected by network-security services provider Lurhq. Dubbed "Dabber," the worm only invades Windows systems already infected by Sasser. Dabber uses code installed by the Sasser-FTP (file transfer protocol) exploit application to burrow into a PC , remove Sasser, and install a server on the infected machine to further propagate. Once inside, Dabber alters the machine so that the worm is activated each time the computer is booted up. It also leaves a back door for the hacker to gain control of the PC. First of Its Kind "This is unusual, in that it is the first time we have seen a worm that exploits a vulnerability in another worm in order to spread," Lurhq spokesperson Rick Talford told NewsFactor. Most worms typically exploit a vulnerability in the operating-system software, he explained. The new worm incorporates code from the Sasser-FTP exploit and scans for Sasser-infected hosts. It has a TFTP server built in to upload the executable file of the worm to the target system. When the command runs, a file "package.exe" will be copied to the victim system and executed. Remove Package.exe Users should kill the package.exe process using the Windows Task Manager, Lurhq advises. Package.exe should be removed from the Windows system directory and all startup folders. As of Friday morning, Dabber is spreading slowly, primarily because of thorough cleanup efforts associated with Sasser, Talford said. You can view the original article here... http://www.newsfactor.com/story.xhtml?story_title=D...asser-Flaw&story_id=24058

UGN Security Forums UGN Security: UGN Archives Tech News Dabber Worm Exploits Sasser Flaw